configure web http access-profile

configure web http access-profile [[[add rule ] [first | [[before | after] previous_rule]]] | delete rule | none ]

Description

Configures HTTP to use an ACL (Access Control List) rule for access control.

Syntax Description

add Specifies that an ACL rule is to be added to the website.
rule Specifies an ACL rule.
first Specifies that the new rule is to be added before all other rules.
before Specifies that the new rule is to be added before a previous rule.
after Specifies that the new rule is to be added after a previous rule.
previous_rule Specifies an existing rule in the application.
delete Specifies that one particular rule is to be deleted.
none Specifies that all the rules or a policy file is to be deleted.

Default

N/A.

Usage Guidelines

You must be logged in as administrator to configure HTTP parameters.

Use this command to restrict HTTP access by adding an ACL rule to the HTTP application. Once an ACL is associated with HTTP, all the packets that reach a HTTP module are evaluated with this ACL and appropriate action (permit or deny) is taken, as is done using policy files.

The permit or deny counters are also updated accordingly regardless of whether the ACL is configured to add counters. To display counter statistics, use the tftp put http command.

Only the following match conditions and actions are copied to the client memory. Others that may be in the rule are not copied.

Match conditions

  • Source-address—IPv4 and IPv6

Actions

  • Permit
  • Deny

When adding a new rule, use the first, before, and after previous_rule parameters to position it within the existing rules.

If the SNMP (Simple Network Management Protocol) traffic does not match any of the rules, the default behavior is permit. To deny SNMP traffic that does not match any of the rules, add a deny all rule at the end or the rule list.

Example

The following example copies the ACL rule, DenyAccess to the HTTP application in first place:

configure web http access-profile add DenyAccess first

The following example removes the association of the ACL rule DenyAccess from the HTTP application:

configure web http access-profile delete DenyAccess

The following example removes the association of all ACL rules from the HTTP application:

configure web http access-profile none

History

This command was first available in ExtremeXOS 12.5.

Platform Availability

This command is available on the Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X440-G2, X620, X690, X870 series switches.